Synchroweb

synchroweb

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-11190 1Synchroweb 1Kiwire Nov 17, 2025 Oct 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVE-2025-11189 1Synchroweb 1Kiwire Nov 17, 2025 Oct 10, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.
CVE-2025-11188 1Synchroweb 1Kiwire Nov 14, 2025 Oct 10, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
CVE-2013-2690 1Synchroweb 1Synconnect Apr 29, 2026 Mar 28, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action.